CVE-2013-7263
N/A
N/A
Summary
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.ubuntu.com/usn/USN-2135-1
- http://rhn.redhat.com/errata/RHSA-2014-0159.html
- http://www.ubuntu.com/usn/USN-2138-1
- http://www.ubuntu.com/usn/USN-2108-1
- http://rhn.redhat.com/errata/RHSA-2014-0285.html
- http://www.ubuntu.com/usn/USN-2113-1
- http://www.ubuntu.com/usn/USN-2141-1
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
- http://www.ubuntu.com/usn/USN-2110-1
- http://seclists.org/oss-sec/2014/q1/29
- http://www.ubuntu.com/usn/USN-2136-1
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
- http://www.ubuntu.com/usn/USN-2139-1
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
- https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69
- http://www.ubuntu.com/usn/USN-2117-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1035875
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
- http://secunia.com/advisories/56036
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
- http://www.ubuntu.com/usn/USN-2109-1
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
- http://www.ubuntu.com/usn/USN-2107-1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bceaa90240b6019ed73b49965eac7d167610be69
- http://www.openwall.com/lists/oss-security/2013/11/28/13
- http://secunia.com/advisories/55882
References
- http://www.ubuntu.com/usn/USN-2135-1
- http://rhn.redhat.com/errata/RHSA-2014-0159.html
- http://www.ubuntu.com/usn/USN-2138-1
- http://www.ubuntu.com/usn/USN-2108-1
- http://rhn.redhat.com/errata/RHSA-2014-0285.html
- http://www.ubuntu.com/usn/USN-2113-1
- http://www.ubuntu.com/usn/USN-2141-1
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
- http://www.ubuntu.com/usn/USN-2110-1
- http://seclists.org/oss-sec/2014/q1/29
- http://www.ubuntu.com/usn/USN-2136-1
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
- http://www.ubuntu.com/usn/USN-2139-1
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
- https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69
- http://www.ubuntu.com/usn/USN-2117-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1035875
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
- http://secunia.com/advisories/56036
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
- http://www.ubuntu.com/usn/USN-2109-1
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
- http://www.ubuntu.com/usn/USN-2107-1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bceaa90240b6019ed73b49965eac7d167610be69
- http://www.openwall.com/lists/oss-security/2013/11/28/13
- http://secunia.com/advisories/55882
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.